AMENDMENTS TO THE CLAIMS 



1 . (Original) A method for authenticating a mobile node in a wireless local area network 
including at least two access points for setting up wireless association between the mobile node 
and an authentication server for authenticating the mobile node, the method comprising the steps 
of: 

(a) when the mobile node associates with a first access point and performs initial 
authentication, receiving, by the mobile node, a first session key for secure communication fi-om 
the authentication server by using a first private key generated with a secret previously shared 
with the authentication server, and receiving, by the first access point, the first session key fi-om 
the authentication server by using a second private key previously shared with the authentication 
server; and 

(b) when the mobile node is handed over fi-om the first access point to a second access 
point and performs re-authentication, receiving, by the mobile node, a second session key for 
secure communication from the authentication server by using a third private key generated with 
authentication information generated during previous authentication and shared with the 
authentication server, and receiving, by the second access point, the second session key from the 
authentication server by using the second private key previously shared with the authentication 
server. 

2. (Original) The method of claim 1, wherein step (a) comprises the steps of: 
generating the first private key with the secret previously shared by the mobile node and 

the authentication server; 

generating, by the mobile node, first authentication information to be used dxiring next 
authentication request and transmitting a first enciphered message generated by enciphering the 
first authentication information with the first private key to the authentication server; 

storing, by the authentication server, the first authentication information acquired by 
deciphering the first enciphered message with the first private key and generating the first session 
key for secure communication; 



transmitting, by the authentication server, a second enciphered message generated by 
enciphering the first session key and the first authentication information with the first private key 
to the mobile node, and transmitting a third enciphered message generated by enciphering the 
first session key and the first authentication information v^ith the second private key previously 
shared with the first access point, to the first access point; 

acquiring, by the first access point, the first session key by deciphering the third 
enciphered message with the second private key, and acquiring, by the mobile node, the first 
session key by deciphering the second enciphered message with the first private key; and 

performing secure communication by the mobile node and the first access point by using 
the first session key. 

3. (Original) The method of claim 2, wherein the first authentication information includes 
a temporary identifier of the mobile node, a password for generating a private key to be used 
during next authentication, and a random number. 

4. (Original) The method of claim 3, wherein the first enciphered message includes a 
permanent identifier of the mobile node and the first authentication information. 

5. (Original) The method of claim 3, wherein the second enciphered message includes the 
first session key, a permanent identifier of the mobile node, and the random number. 

6. (Original) The method of claim 3, wherein the third enciphered message includes the 
first session key and the random number. 

7. (Original) The method of claim 1, wherein step (b) comprises the steps of: 
generating, by the mobile node and the authentication server, the third private key with 

the first authentication information generated by the mobile node during previous authentication; 

generating, by the mobile node, second authentication information to be used during next 
authentication request, and transmitting a fourth enciphered message generated by enciphering 
the second authentication information with the third private key to the authentication server; 
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storing, by the authentication server, the second authentication information acquired by 
deciphering the fourth enciphered message with the third private key and generating the second 
session key for secure communication; 

transmitting, by the authentication server, a fifth enciphered message generated by 
enciphering the second session key and the authentication information with the third private key 
to the mobile node, and transmitting a sixth enciphered message generated by enciphering the 
first session key and the authentication information with the second private key previously shared 
with the second access point to the second access point; 

acquiring, by the second access point, the second session key by deciphering the sixth 
enciphered message with the second private key, and acquiring, by the mobile node, the second 
session key by deciphering the fifth enciphered message with the third private key; and 

performing secure communication by the mobile node and the second access point by 
using the second session key. 

8. (Original) The method of claim 7, wherein the second authentication information 
includes a temporary identifier of the mobile node, a password for generating a private key to be 
used during next authentication, and a random number. 

9. (Original) The method of claim 8, wherein the fourth enciphered message includes a 
previous temporary identifier of the mobile node and the second authentication information. 

10. (Original) The method of claim 8, wherein the fifth enciphered message includes the 
second session key and the random nxmiber. 

11. (Original) The method of claim 8, wherein the sixth enciphered message includes the 
second session key, the random number, and the temporary identifier of the mobile node. 

12. (Original) A method for performing authentication by a mobile node in a wireless 
local area network including at least two access points for setting up wireless association with the 



mobile node and an authentication server for authenticating the mobile node, the method 
comprising the steps of: 

when associating with a first access point and performing initial authentication, 
generating a first private key with a secret previously shared with the authentication server; 

generating first authentication information to be used during next authentication request, 
and transmitting a first enciphered message generated by enciphering the first authentication 
information with the first private key to the authentication server; 

upon receiving a second enciphered message fi-om the authentication server in response to 
the first enciphered message, acquiring a first session key by deciphering the second enciphered 
message with the first private key; and 

performing secure communication with the first access point by using the first session 

key. 

13. (Original) The method of claim 12, wherein the first authentication information 
includes a temporary identifier of the mobile node, a password for generating a private key to be 
used during next authentication, and a random number. 

14. (Original) The method of claim 13, wherein the first enciphered message includes a 
permanent identifier of the mobile node and the first authentication information. 

15. (Original) The method of claim 13, wherein the second enciphered message includes 
the random number and the first session key. 

16. (Original) The method of claim 12, fiirther comprising the steps of: 

when being handed over fi-om the first access point to a second access point and 
performing re-authentication, generating a second private key with the first authentication 
information generated during previous authentication; 

generating second authentication information to be used during a next authentication 
request, and transmitting a third enciphered message generated by enciphering the second 
authentication information with the second private key to the authentication server; 
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upon receiving a fourth enciphered message from the authentication server in response to 
the third enciphered message, acquiring a second session key by deciphering the third enciphered 
message with the second private key; and 

performing secure communication with the second access point by using the second 
session key. 

17. (Original) The method of claim 16, wherein the second authentication information 
includes a temporary identifier of the mobile node, a password for generating a private key to be 
used during next authentication, and a random number. 

18. (Original) The method of claim 17, wherein the third enciphered message includes a 
previous temporary identifier of the mobile node and the second authentication information. 

19. (Original) The method of claim 17, wherein the fourth enciphered message includes 
the random number and the second session key, 

20. (Original) A method for performing authentication of a mobile node by an 
authentication server in a wireless local area network including at least two access points for 
setting up wireless association with the mobile node and an authentication server for 
authenticating the mobile node, the method comprising the steps of: 

when the mobile node associates with a first access point and performs initial 
authentication, generating a first private key with a secret previously shared with the mobile 
node; 

upon receiving a first enciphered message from the mobile node, acquiring first 
authentication information to be used during next authentication by deciphering the first 
enciphered message with the first private key; 

generating a first session key for secure communication of the mobile node; 

generating a second enciphered message by enciphering the first session key and the first 
authentication information with the first private key, and transmitting the second enciphered 
message to the mobile node; and 
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generating a third enciphered message by enciphering the first session key and the first 
authentication information with a second private key previously shared with the first access 
point, and transmitting the third enciphered message to the first access point. 

21. (Original) The method of claim 20, wherein the first authentication information 
includes a temporary identifier of the mobile node, a password for generating a private key to be 
used during next authentication, and a random number. 

22. (Original) The method of claim 21, wherein the first enciphered message includes a 
permanent identifier of the mobile node and the first authentication information. 

23. (Original) The method of claim 21, wherein the second enciphered message includes 
the random number and the first session key. 

24. (Original) The method of claim 21, wherein the third enciphered message includes the 
first session key and the random number. 

25. (Original) The method of claim 20, fiirther comprising the steps of: 

when the mobile node is handed over fi-om the first access point to a second access point 
and performs re-authentication, generating a third private key with the first authentication 
information received fi-om the mobile node during previous authentication; 

upon receiving a fourth enciphered message fi"om the mobile node, acquiring second 
authentication information to be used during next authentication by deciphering the fourth 
enciphered message with the third private key; 

generating a second session key for secure communication of the mobile node; 

generating a fifth enciphered message by enciphering the second session key and the 
second authentication information with the third private key and transmitting the fifth enciphered 
message to the mobile node; and 



generating a sixth enciphered message by enciphering the second session key and the 
second authentication information with the second private key previously shared with the second 
access point, and transmitting the sixth enciphered message to the second access point. 

26. (Original) The method of claim 25, wherein the second authentication information 
includes a temporary identifier of the mobile node, a password for generating a private key to be 
used during next authentication, and a random number. 

27. (Original) The method of claim 26, wherein the fourth enciphered message includes a 
permanent identifier of the mobile node and the second authentication information. 

28. (Original) The method of claim 26, wherein the fifth enciphered message includes the 
random number and the second session key. 

29. (Original) The method of claim 26, wherein the sixth enciphered message includes 
the second session key and the random number. 

30. (Original) A method of performing authentication of a mobile node by an access point 
with which the mobile node initially associates or re-associates due to handover, in a wireless 
local area network including the access point for setting up association with the mobile node and 
an authentication server for authenticating the mobile node, the method comprising the steps of: 

when associating with the mobile node and performing authentication, receiving an 
enciphered message from the authentication server; 

acquiring a session key for secure communication with the mobile node by deciphering 
the enciphered message with a private key previously shared with the authentication server; and 

performing secure communication with the mobile node by using the session key. 

31. (Original) The method of claim 30, wherein the enciphered message includes a 
temporary identifier generated by the mobile node during previous authentication, and a random 
number. 



32. (New) A method for authenticating a mobile node in a wireless local area network 
including at least two access points for setting up wireless association between the mobile node 
and an authentication server for authenticating the mobile node, the method comprising the steps 
of: 

generating, at the mobile node, a mobile private key with a security word shared with the 
authentication server; 

generating authentication information to be used in a next authentication procedure; 

transmitting the authentication information to the authentication server; 

transmitting a session key from the authentication server to the mobile node and the 
access point; and 

conununicating between the mobile terminal and the access point using the session key. 

33. (New) The method of claim 32, wherein the step of transmitting the authentication 
information includes: 

generating a first enciphered message by enciphering the first authentication information 
with the mobile private key; and 

transmitting the first enciphered message to the authentication server. 

34. (New) The method of claim 33, wherein the step of transmitting the session key 
includes: 

recovering, at the authentication server, the authentication information by deciphering 
the first enciphered message with the first private key; 

generating the session key using the first authentication information; 

generating a second enciphered message by enciphering the session key and the 
authentication information with the mobile private key; 

transmitting the second enciphered message to the mobile node; 

generating a third enciphered message by enciphering the session key and the 
authentication information with the access point private key; 

transmitting the third enciphered message to the access point; 



acquiring, at the mobile node, the session key by deciphering the second enciphered 
message; and 

acquiring, at the first access point, the session key by deciphering the third enciphered 
message. 

35. (New) The method of claim 34, wherein the authentication information includes a 
temporary identifier of the mobile node, a password for generating the mobile private key to be 
used during next authentication, and a random number. 
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